Determining NAT Pool size with overload

Joseph Lombardo
Level 1

Is there a method for determining the optimal number of inside global addresses to have in a NAT pool when using overload?

My organization has 62 addresses and 1000 clients currently. The NAT statistics show that 60 of the addresses are in use. When I do sh ip nat translation it shows that most of our clients are using the first address in the pool. The remaining 59 addresses are being used by one client each. These 59 addresses are only using well-known port numbers.

We are moving to a new ISP and I would like to reduce this number to 14 inside global addresses in our NAT pool. I remember reading somewhere that there was a way to determine the correct number of addresses in a pool, but I cannot find it.

Thanks for any help.

Joe

1 Accepted Solution

Peter Paluch
Cisco Employee

Joseph,

Check out the NAT FAQ document at

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_q_and_a_item09186a00800e523b.shtml

and see specifically the answers to these two questions:

  1. When configuring for PAT (overloading), what is the maximum number of translations that can be created per inside global IP address?
  2. How does PAT work?

Following that information, the PAT always tries to keep the original port intact, and if it is already used on a particular global address, it tries to find another global address in the pool that has the port still free. That explains the behavior you are seeing - lots of public addresses being used by a small number of translations.

Considering the fact that the NAT code splits the ports into three groups - 0:511, 512:1023, 1024:65535, and that the clients inside your network are using mostly client ports from the third group, a single global IP address can handle approximately 64512 simultaneous connections. Multiply that by the total number of IP addresses in the global pool and you will get a rough estimate of the total number of simultaneous connections that can be handled by your NAT configuration - in your case, 62*64512 = 3,999,744.

Please note that there is no direct answer to the question of whether this number is enough for 1000 PCs. On average, this allows each station to keep roughly 3,999 simultaneous connections open. I would personally say that such a figure is more than enough, but that ultimately depends on the network services your stations are using. Also, the NAT translation timeouts should be considered, as lingering NAT entries may keep ports allocated for a prolonged time.

My two cents on this.

Best regards,

Peter


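As an added illustration of the allocation behaviour Peter describes (this is not Cisco IOS code and not part of the thread), the following Python model applies the rule "keep the inside source port on the first global address where it is free, otherwise move to the next global address, otherwise pick another port from the same port group", then replays the pattern from the question: many clients with distinct ephemeral ports land on the first address, while clients that all source from the same well-known port each claim a fresh address. The port groups and the 64512-ports-per-address figure come from the answer; the global addresses (203.0.113.x), the inside hosts and the well-known port 500 are constructed values, and `PatPool`, `simulate` and `pool_capacity` are names chosen here.

```python
"""Model of PAT (NAT overload) port allocation plus a pool capacity estimate.

Added illustration for the answer above; not Cisco IOS code. It models the
described behaviour (keep the inside source port when a global address has
it free, otherwise try the next global address, otherwise pick another port
from the same port group) to show why a pool can report many addresses
"in use" while each of them carries a single translation.
"""

# Port groups as given in the answer: 0-511, 512-1023, 1024-65535.
PORT_GROUPS = ((0, 511), (512, 1023), (1024, 65535))


def port_group(port):
    """Return the (low, high) group a port belongs to."""
    for lo, hi in PORT_GROUPS:
        if lo <= port <= hi:
            return lo, hi
    raise ValueError(f"invalid port {port}")


class PatPool:
    """Simplified PAT pool: an ordered list of inside global addresses."""

    def __init__(self, global_addrs):
        self.global_addrs = list(global_addrs)
        # ports currently allocated on each global address
        self.used = {addr: set() for addr in self.global_addrs}
        # (inside_addr, inside_port) -> (global_addr, global_port)
        self.table = {}

    def translate(self, inside_addr, inside_port):
        key = (inside_addr, inside_port)
        if key in self.table:           # existing translation: reuse it
            return self.table[key]
        # Step 1: keep the original port on the first address where it is free.
        for addr in self.global_addrs:
            if inside_port not in self.used[addr]:
                return self._allocate(key, addr, inside_port)
        # Step 2: the port is taken on every address, so use another port
        # from the same group (port 0 is skipped as unusable).
        lo, hi = port_group(inside_port)
        for addr in self.global_addrs:
            for port in range(max(lo, 1), hi + 1):
                if port not in self.used[addr]:
                    return self._allocate(key, addr, port)
        raise RuntimeError("no free port in this group on any global address")

    def _allocate(self, key, addr, port):
        self.used[addr].add(port)
        self.table[key] = (addr, port)
        return addr, port

    def addresses_in_use(self):
        """Number of global addresses carrying at least one translation."""
        return sum(1 for addr in self.global_addrs if self.used[addr])

    def translations_per_address(self):
        return {addr: len(ports) for addr, ports in self.used.items()}


def pool_capacity(pool_size, ports_per_address=65536 - 1024):
    """Rough upper bound on simultaneous translations for clients that use
    ephemeral (1024-65535) source ports: 64512 ports per global address."""
    return pool_size * ports_per_address


def simulate(pool_size=62, clients=1000, same_port_clients=60, low_port=500):
    """Replay the pattern from the question with constructed traffic.

    `clients` hosts each open one connection from a distinct ephemeral port;
    `same_port_clients` hosts all source from the same well-known port
    (`low_port`, a constructed value), so that port collides on every address.
    """
    pool = PatPool(f"203.0.113.{i}" for i in range(1, pool_size + 1))
    for i in range(clients):
        pool.translate(f"10.0.{i // 256}.{i % 256}", 1024 + i)
    for i in range(same_port_clients):
        pool.translate(f"10.1.{i // 256}.{i % 256}", low_port)
    return pool


if __name__ == "__main__":
    pool = simulate()
    per_addr = pool.translations_per_address()
    print("addresses in use:", pool.addresses_in_use())
    print("translations on first address:", per_addr[pool.global_addrs[0]])
    print("translations on second address:", per_addr[pool.global_addrs[1]])
    for size in (62, 14):
        cap = pool_capacity(size)
        print(f"pool of {size}: ~{cap:,} translations, ~{cap // 1000:,} per client")
```

With the defaults, 60 of the 62 addresses show as in use, the first carries 1001 translations and the other 59 carry one each, which is the picture from the question; the capacity line reproduces the 62*64512 estimate and gives the equivalent for a 14-address pool. Real IOS also ages entries out on the NAT timeouts Peter mentions, which this model does not track.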
3 Replies

Thanks, that was the info I was looking for.

Thanks for the information, it's very helpful for me.

I can add some information: if you are using 4 (four) public IPs for NAT overload, then the dynamic public IP usage ratio is 1:4, meaning 25% per public IP using the ports [0-65535] for clients. If 25% of the NAT ports of the first public IP are used, then the second public IP will be used.
